---
# tasks file for realm
- name: ntp configuration
  ansible.builtin.copy:
    src: ntp.conf
    dest: /etc/ntp.conf
  notify: restart ntp

- name: realm check
  ansible.builtin.shell: "realm list | grep okb3.local"
  register: realmcheck
  changed_when: realmcheck.failed
  failed_when: false

- name: realm join
  ansible.builtin.include_tasks:
    file: "{{ ansible_distribution_release }}.yml"
  when: realmcheck.rc != 0

- name: sssd config
  ansible.builtin.template:
    src: sssd.j2
    dest: /etc/sssd/sssd.conf
  notify: restart sssd

- name: winbind stop
  service:
    name: winbind
    state: stopped
    enabled: no

- name: realm sudoers
  ansible.builtin.lineinfile:
    path: /etc/sudoers.d/realm
    line: '%администраторы\ домена ALL=(ALL) ALL'
    mode: 0440
    create: yes
    validate: 'visudo -cf %s'
